Malicious PDF — malware analysis report

Static analysis result for SHA-256 b10130b8e5214c73…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2019-03-19 16:23:18 +03:00
Authoring application: PDFCreator Version 0.8.0 (via AFPL Ghostscript 8.14)
MD5: 34460e707770d62c1d2a14a59bce09e5
SHA-1: 44df13e9f5b93bc8c2046e48c2f3814fd6896589
SHA-256: b10130b8e5214c730bcd3a79ec437e97b06cd2c96fa98a4a026e3abf79f899f1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm, a common technique for SEO manipulation or for distributing a variety of malicious documents. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample, which limits analysis of its direct execution capabilities.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.